Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:105107 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 10093 invoked from network); 5 Apr 2019 14:46:08 -0000 Received: from unknown (HELO mail-oi1-f193.google.com) (209.85.167.193) by pb1.pair.com with SMTP; 5 Apr 2019 14:46:08 -0000 Received: by mail-oi1-f193.google.com with SMTP id e5so4622813oii.0 for ; Fri, 05 Apr 2019 04:42:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=B7paM3B+dpp1qy/J1/4TlHCVha3YznAc0/reNKyGbfo=; b=NS8zKQ7hH6ghUj2hAenPnlwyLBVD1glt/REakPfz+ULTgLxG/i5uwolZ2Y2QD32y4F SfYqWxJt3l3YTE/qOpWvOvE12bfNThM7VWgX78Qh29cztFiGZShmVzRxEBTaQqiF8+NF ORbzP7CVCu13Xwacs6R/VNrdzB/uya1pPRuld6Kjt0c6yiMJ92+dPrYMAB4dbfVfr9jj llLC1+RL5nFxQRn88Y678f9hu87gEpm5WNdP73N+J+fDF5VwL9zU+Csq4u+EqvG9omp/ LAwXY+s6cEOVyTvPjCFrncMBp00pO81Wv5j4wHOh+Vj88X309gQpe0uWCIlgjKc5vwCc UK6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=B7paM3B+dpp1qy/J1/4TlHCVha3YznAc0/reNKyGbfo=; b=DIebJfI4zt6HY9qh0RTCulgyy+Uq1OZX5kc+Uj6DM8L+utZ6XUwV5qCetjUcbraxNn g00RTVlu7fl559kchUFtdJIYrrqys+O1eNoLXNuloBpZBeNq3PDvfThwhXaVb1dwNVen 6UvdZ67V0iOJlLn7LoLnmfU7krIO3vesF08kLQgIMLgIzLIxIg6bBKIzYvF36Z+aSkRq /0C1gE2yOxtRazfztke5NRAtdXBHuUiOGY5yA9c/DH/qes28GtjR/rJWLHKg1PlxurOf BgNNDQx4Rt4fp1m761joHWvQ/HHWywrnJBfiOO773m90aoIt6ENozlQP5pRvvJRBbOhY rQqA== X-Gm-Message-State: APjAAAVdQBetmTc+8krv2R39ueHu3WTVv+sLKZdQWkqKMHr06jGeI6Uf 8j6z6gniuEa01Ar+sVKxrABkoKiJzxgTL3BIeAo= X-Google-Smtp-Source: APXvYqxfP4batAeHmtIcuXF1BSpNKD+OwjuzrGKLhVNim2YDzp/SDK9WknF+E497POZrDyZQn4kq7jBs+FW5bzInjJo= X-Received: by 2002:aca:4f56:: with SMTP id d83mr6378554oib.24.1554464520395; Fri, 05 Apr 2019 04:42:00 -0700 (PDT) MIME-Version: 1.0 References: <65AF9E1E-DFA6-47AE-952B-9ABEBD9B6038@gmail.com> <284d1f9f-03d3-1488-77dd-82e18edf9f4c@gmail.com> <3144F5D1-1F18-4C42-9B3E-AF1B1E598E47@koalephant.com> <917cb7bc-4abc-4bae-1a5a-b2ba1777fa55@gmail.com> In-Reply-To: Date: Fri, 5 Apr 2019 12:41:48 +0100 Message-ID: To: Rowan Collins Cc: PHP internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] Question about adding !function_identifier From: robehickman@gmail.com (Robert Hickman) In the first case: function foo(callable $bar): int { return $bar(); } I think the value of $bar would have to fall into a set of values known to the programmer, or at least known at some level. The only way I can currently think of where this would be truly unknown is if it comes from unfiltered user data, which would be a security issue, due to allowing arbitrary function calls. Wordpress does something like this in it's shortcode and 'action/filter' system, The set of valid function calls in that case would be mostly defined by all calls to 'add_action' and 'do_action' (and related functions for shortcodes) in the core and installed plug-ins. It may be unknown in some cases if that is controlled by user input. As above I doubt that is truly unknown as allowing untrusted input would be a security issue. In the second case the iterable has to come from somewhere, so it's content would be defined by whatever that 'somewhere' is. Getting back to the original topic, how would 'throws' interact with exceptions raised by the php interpreter itself? On Fri, 5 Apr 2019 at 12:12, Rowan Collins wrote: > > On Fri, 5 Apr 2019 at 11:30, Robert Hickman wrote: > > > If a static > > analyser were programmable, it could parse the SQL query and query the > > database to find out what keys exist in some_table. Thus it could > > check for references to non-existing keys. > > > > > That's an interesting example, but I don't think it generalises as far as > you think: what would a "programmable analyser" do with an array of HTTP > headers, or query-string parameters? > > However, I wasn't referring to dynamic *data* like this, but rather dynamic > behaviour in the language itself. A couple of simple examples: > > function foo(callable $bar): int { return $bar(); } > function foo(iterable $bar): int { foreach ( $bar as $baz ) { return $baz; > } } > > In order to analyse those, you need a) the language to offer a richer type > system (generics, derived types, etc); and b) the programmer to make full > use of that type system, everywhere. > > As soon as you have code that's missing rich type information, or use a > truly dynamic feature, that whole section of code becomes essentially > unchecked. That's why Hack is not only adding features for richer > (statically analysed) type annotations, but also *removing* PHP features > which don't work nicely with them. > > Regards, > -- > Rowan Collins > [IMSoP]